<%@ page import="java.sql.Connection" %>
<%@ page import="java.sql.DriverManager" %>
<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.ResultSet" %>
<%@ page import="java.sql.Connection" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
  request.setCharacterEncoding("utf-8");
  String username = request.getParameter("username");
  String password = request.getParameter("password");

  //加载驱动
  Class.forName("com.mysql.jdbc.Driver");

  //建立连接
  String url ="jdbc:mysql://localhost:3306/book";
  Connection connection = DriverManager.getConnection(url,"root","root");


  //sql语句模板
  String sql = "select * from user where username = ? and password = ?";

  //创建preparedStatement对象
  PreparedStatement ps =connection.prepareStatement(sql);

  //参数赋值
  ps.setString(1,username);
  ps.setString(2,password);

  //执行查询
  ResultSet rs = ps.executeQuery();

  if (rs.next()){
    //如果查询结果存在相应的数据 表示登陆成功
    session.setAttribute("username",username);//把用户名写入session对象中
    out.print("登陆成功");
    response.sendRedirect("home.jsp");
  }else{
    out.print("登陆失败");//三秒后跳转页面
    response.setHeader("refresh","3;url='login.jsp");
  }

%>